version: 29.0.0 ocean jasper - joesandbox.com
Post on 25-Dec-2021
ID: 285879
Cookbook: browseurl.jbs
Time: 18:47:07
Date: 15/09/2020
Version: 29.0.0 Ocean Jasper
Table of Contents
Analysis Report https://sites.google.com/site/id500382349/googledrive/share/downloads/storage?FID=4232244712814
  Overview
    General Information
    Detection
    Signatures
    Classification
  Startup
  Malware Configuration
  Yara Overview
  Sigma Overview
  Signature Overview
  Mitre Att&ck Matrix
  Behavior Graph
  Screenshots
    Thumbnails
  Antivirus, Machine Learning and Genetic Malware Detection
    Initial Sample
    Dropped Files
    Unpacked PE Files
    Domains
    URLs
  Domains and IPs
    Contacted Domains
    URLs from Memory and Binaries
    Contacted IPs
      Public
  General Information
  Simulations
    Behavior and APIs
  Joe Sandbox View / Context
    IPs
    Domains
    ASN
    JA3 Fingerprints
    Dropped Files
  Created / dropped Files
  Static File Info
    No static file info
  Network Behavior
    Network Port Distribution
    TCP Packets
    UDP Packets
    DNS Queries
    DNS Answers
    HTTPS Packets
  Code Manipulations
  Statistics
    Behavior
  System Behavior
    Analysis Process: iexplore.exe PID: 6888 Parent PID: 796
      General
      File Activities
      Registry Activities
    Analysis Process: iexplore.exe PID: 6936 Parent PID: 6888
      General
      File Activities
      Registry Activities
  Disassembly
Analysis Report https://sites.google.com/site/id500382349/googledrive/share/downloads/storage?FID=4232244712814…
Overview
General Information
Sample URL: https://sites.google.com/site/id500382349/googledrive/share/downloads/storage?FID=4232244712814
Analysis ID: 285879
Detection
Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%
Signatures
No high impact signatures.
Classification
[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
Startup
System is w10x64
iexplore.exe (PID: 6888 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
  iexplore.exe (PID: 6936 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6888 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup
Malware Configuration
No configs have been found
Yara Overview
No yara matches
Sigma Overview
No Sigma rule has matched
Signature Overview
• Networking
• System Summary
There are no malicious signatures.
Mitre Att&ck Matrix
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection 1; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Masquerading 1; Process Injection 1; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: File and Directory Discovery 1; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control: Encrypted Channel 2; Non-Application Layer Protocol 1; Application Layer Protocol 2
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data
Behavior Graph
ID: 285879
URL: https://sites.google.com/si...
Startdate: 15/09/2020
Architecture: WINDOWS
Score: 0
iexplore.exe  21 87  started
iexplore.exe  3 73  started
googlehosted.l.googleusercontent.com | 172.217.22.33, 443, 49723, 49724 | GOOGLEUS | United States
storageonnet.top | 104.27.187.2, 443, 49729, 49730 | CLOUDFLARENETUS | United States
2 other IPs or domains
Legend: Process; Signature; Created File; DNS/IP Info; Is Dropped; Is Windows Process; Number of created Registry Values; Number of created Files; Visual Basic; Delphi; Java; .Net C# or VB.NET; C, C++ or other language; Is malicious; Internet
Screenshots
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Source | Detection | Scanner | Label | Link
https://sites.google.com/site/id500382349/googledrive/share/downloads/storage?FID=4232244712814 | 0% | Avira URL Cloud | safe |
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches
Domains
Source | Detection | Scanner | Label | Link
storageonnet.top | 1% | Virustotal | | Browse
URLs
Source | Detection | Scanner | Label | Link
https://accounts.googl | 0% | URL Reputation | safe |
https://accounts.googl | 0% | URL Reputation | safe |
https://accounts.googl | 0% | URL Reputation | safe |
https://sites.gooRoot | 0% | Avira URL Cloud | safe |
https://sites.gooom/site/id500382349/googledrive/share/downloadsrarchyRoot | 0% | Avira URL Cloud | safe |
https://www.google.%/ads/ga-audiences? | 0% | URL Reputation | safe |
https://www.google.%/ads/ga-audiences? | 0% | URL Reputation | safe |
https://www.google.%/ads/ga-audiences? | 0% | URL Reputation | safe |
https://sites.goo | 0% | Avira URL Cloud | safe |
https://sites.gooTRST | 0% | Avira URL Cloud | safe |
https://sites.gooom/site/id500382349/googledrive/shareRoot | 0% | Avira URL Cloud | safe |
https://sites.gooom/site/id500382349/system/app/pages/sitemap/hierarchyRoot | 0% | Avira URL Cloud | safe |
https://storageonnet.top/alt.php&st=e%3DAIHE3cChECCcycniJ5AqKYXc7mgj%252F7zhE02BLqJaxB90SqyU%252F9mL | 0% | Avira URL Cloud | safe |
https://sites.google.c | 0% | Avira URL Cloud | safe |
www.wikipedia.com/ | 0% | Virustotal | | Browse
www.wikipedia.com/ | 0% | URL Reputation | safe |
www.wikipedia.com/ | 0% | URL Reputation | safe |
www.wikipedia.com/ | 0% | URL Reputation | safe |
https://storageonnet.top/alt.php | 1% | Virustotal | | Browse
https://storageonnet.top/alt.php | 0% | Avira URL Cloud | safe |
Domains and IPs
Contacted Domains
Name | IP | Active | Malicious | Antivirus Detection | Reputation
storageonnet.top | 104.27.187.2 | true | false | 1%, Virustotal, Browse | unknown
googlehosted.l.googleusercontent.com | 172.217.22.33 | true | false | | high
tal2tot4uenli8d3lphbjvrrl237cfes-a-sites-opensocial.googleusercontent.com | unknown | unknown | false | | high
www-sites-opensocial.googleusercontent.com | unknown | unknown | false | | high
URLs from Memory and Binaries
Name | Source | Malicious | Antivirus Detection | Reputation
www.apache.org/licenses/LICENSE-2.0 | jot_min__en[1].js.2.dr | false | | high
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p | ifr[1].htm.2.dr | false | | high
www.nytimes.com/ | msapplication.xml4.1.dr | false | | high
https://accounts.googl | {A24E1E14-F7BE-11EA-90E8-ECF4BBEA1588}.dat.1.dr | false | URL Reputation: safe; URL Reputation: safe; URL Reputation: safe | unknown
https://sites.gooRoot | {A24E1E14-F7BE-11EA-90E8-ECF4BBEA1588}.dat.1.dr | false | Avira URL Cloud: safe | unknown
https://www.youtube.com/embed/ | jot_min__en[1].js.2.dr | false | | high
https://developers.googleblog.com/2018/03/discontinuing-support-for-json-rpc-and.html | cb=gapi[1].js.2.dr | false | | high
https://1367816443-jotspot-embeds.googleusercontent.com/code/8d87fa64604b2a11fae2ed06104c58d3/inner_ | home[1].htm.2.dr | false | | high
www.amazon.com/ | msapplication.xml.1.dr | false | | high
https://2101636803-jotspot-embeds.googleusercontent.com/code/8d87fa64604b2a11fae2ed06104c58d3/inner_ | googledrive[1].htm.2.dr | false | | high
https://1792210807-jotspot-embeds.googleusercontent.com/code/8d87fa64604b2a11fae2ed06104c58d3/inner_ | share[1].htm.2.dr | false | | high
https://sites.gooom/site/id500382349/googledrive/share/downloadsrarchyRoot | {A24E1E14-F7BE-11EA-90E8-ECF4BBEA1588}.dat.1.dr | false | Avira URL Cloud: safe | unknown
https://1082343225-jotspot-embeds.googleusercontent.com/code/8d87fa64604b2a11fae2ed06104c58d3/inner_ | storage[1].htm.2.dr | false | | high
www.metacafe.com/embed/ | jot_min__en[1].js.2.dr | false | | high
www.twitter.com/ | msapplication.xml6.1.dr | false | | high
https://tal2tot4uenli8d3lphbjvrrl237cfes-a-sites-opensocial.googleusercontent.com/gadgets/ifr?url=ht | {A24E1E14-F7BE-11EA-90E8-ECF4BBEA1588}.dat.1.dr | false | | high
https://www.google.%/ads/ga-audiences? | ga[1].js.2.dr | false | URL Reputation: safe; URL Reputation: safe; URL Reputation: safe | low
https://sites.goo | {A24E1E14-F7BE-11EA-90E8-ECF4BBEA1588}.dat.1.dr | false | Avira URL Cloud: safe | unknown
https://stats.g.doubleclick.net/j/collect? | ga[1].js.2.dr | false | | high
https://sites.gooTRST | {A24E1E14-F7BE-11EA-90E8-ECF4BBEA1588}.dat.1.dr | false | Avira URL Cloud: safe | unknown
https://sites.gooom/site/id500382349/googledrive/shareRoot | {A24E1E14-F7BE-11EA-90E8-ECF4BBEA1588}.dat.1.dr | false | Avira URL Cloud: safe | unknown
www.youtube.com/ | msapplication.xml8.1.dr | false | | high
https://googledrive.com/thumb/ | jot_min__en[1].js.2.dr | false | | high
https://sites.gooom/site/id500382349/system/app/pages/sitemap/hierarchyRoot | {A24E1E14-F7BE-11EA-90E8-ECF4BBEA1588}.dat.1.dr | false | Avira URL Cloud: safe | unknown
https://lh3.googleusercontent.com/a/default-user | js[1].js0.2.dr, js[1].js1.2.dr | false | | high
https://storageonnet.top/alt.php&st=e%3DAIHE3cChECCcycniJ5AqKYXc7mgj%252F7zhE02BLqJaxB90SqyU%252F9mL | {A24E1E14-F7BE-11EA-90E8-ECF4BBEA1588}.dat.1.dr | false | Avira URL Cloud: safe | unknown
https://1101205389-jotspot-embeds.googleusercontent.com/code/8d87fa64604b2a11fae2ed06104c58d3/inner_ | hierarchy[1].htm.2.dr | false | | high
https://sites.google.c | {A24E1E14-F7BE-11EA-90E8-ECF4BBEA1588}.dat.1.dr | false | Avira URL Cloud: safe | unknown
www.wikipedia.com/ | msapplication.xml7.1.dr | false | 0%, Virustotal, Browse; URL Reputation: safe; URL Reputation: safe; URL Reputation: safe | unknown
https://490905689-jotspot-embeds.googleusercontent.com/code/8d87fa64604b2a11fae2ed06104c58d3/inner_i | downloads[1].htm.2.dr | false | | high
www.live.com/ | msapplication.xml3.1.dr | false | | high
www.metacafe.com/fplayer/ | jot_min__en[1].js.2.dr | false | | high
https://storageonnet.top/alt.php | {A24E1E14-F7BE-11EA-90E8-ECF4BBEA1588}.dat.1.dr | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
www.reddit.com/ | msapplication.xml5.1.dr | false | | high
Contacted IPs
[Figure legend: No. of IPs < 25%; 25% < No. of IPs < 50%; 50% < No. of IPs < 75%; 75% < No. of IPs]
Public
IP | Country | ASN | ASN Name | Malicious
104.27.187.2 | United States | 13335 | CLOUDFLARENETUS | false
172.217.22.33 | United States | 15169 | GOOGLEUS | false
General Information
Joe Sandbox Version: 29.0.0 Ocean Jasper
Analysis ID: 285879
Start date: 15.09.2020
Start time: 18:47:07
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 24s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: https://sites.google.com/site/id500382349/googledrive/share/downloads/storage?FID=4232244712814
Analysis system description: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 24
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@3/57@3/2
Cookbook Comments:
  Adjust boot time
  Enable AMSI
  Browsing link: https://sites.google.com/site/id500382349/home
  Browsing link: https://sites.google.com/site/id500382349/googledrive
  Browsing link: https://sites.google.com/site/id500382349/googledrive/share
  Browsing link: https://sites.google.com/site/id500382349/system/app/pages/sitemap/hierarchy
  Browsing link: https://sites.google.com/site/id500382349/googledrive/share/downloads
  Browsing link: https://accounts.google.com/ServiceLogin?continue=https://sites.google.com/site/id500382349/googledrive/share/downloads/storage&service=jotspot
  Browsing link: https://sites.google.com/site/id500382349/system/app/pages/recentChanges
  Browsing link: https://sites.google.com/site/id500382349/system/app/pages/reportAbuse
  Browsing link: http://sites.google.com/site
Warnings:
  Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
  TCP Packets have been reduced to 100
  Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, ielowutil.exe, RuntimeBroker.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
  Excluded IPs from analysis (whitelisted): 51.143.111.7, 52.158.208.111, 104.108.39.131, 216.58.206.14, 172.217.22.99, 216.58.212.132, 172.217.16.174, 216.58.205.232, 51.11.168.160, 172.217.23.110, 108.177.15.189, 152.199.19.161, 23.210.248.85, 92.122.213.194, 92.122.213.247, 172.217.22.14, 67.27.158.126, 8.248.131.254, 8.253.207.120, 67.26.83.254, 8.253.95.121, 52.155.217.156
  Excluded domains from analysis (whitelisted): umwatson.trafficmanager.net, docs.google.com, ssl.gstatic.com, arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, go.microsoft.com, audownload.windowsupdate.nsatc.net, www.google.com, ssl-google-analytics.l.google.com, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, auto.au.download.windowsupdate.com.c.footprint.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, fs.microsoft.com, plus.l.google.com, ie9comview.vo.msecnd.net, sites.google.com, displaycatalog.md.mp.microsoft.com.akadns.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, 93.docs.google.com, gg.google.com, ssl.google-analytics.com, umwatsonrouting.trafficmanager.net, browserchannel-sites.l.google.com, play.google.com, go.microsoft.com.edgekey.net, apis.google.com, cs9.wpc.v0cdn.net
  Report size getting too big, too many NtDeviceIoControlFile calls found.
Simulations
Behavior and APIs
No simulations
Joe Sandbox View / Context
IPs
No context
Domains
No context
ASN
No context
JA3 Fingerprints
No context
Dropped Files
No context
Created / dropped Files
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\4A3WNSQA\sites.google[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Size (bytes): 13
Entropy (8bit): 2.469670487371862
Encrypted: false
MD5: C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
SHA1: 35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
SHA-256: B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
SHA-512: 6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
Malicious: false
Reputation: low
Preview:<root></root>
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A24E1E12-F7BE-11EA-90E8-ECF4BBEA1588}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 39000
Entropy (8bit): 1.9181697180192554
Encrypted: false
MD5: B34AC03DB8FD52DA3FE9FD010109AA95
SHA1: 7B17875F02CD6958BCB81964025AA1DBD7E999AB
SHA-256: A700868E76569AF3ED0CC34C65154B3144D3E252827E08765561B80AFA734A9A
SHA-512: DE6D9038182BA40284C4BCC6C00A5505B6E292283E9ADB69EF8E0053CF8D4CE39FD020F66AA5CBC0F15AB16E0FBC27D5148D12482140B5A4E67A7E01A283DFFA
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A24E1E14-F7BE-11EA-90E8-ECF4BBEA1588}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 204226
Entropy (8bit): 2.768936334017072
Encrypted: false
MD5: 4F62719AA391357ED551D656EAD31397
SHA1: B0EBC7AE0760C4D610BEA33BD53F054681377B74
SHA-256: 38D39FE126EA72689EB10471F32F9316B65EB5F1A9E7CCBFB3BAAE3267D6A67F
SHA-512: 4A8264F0A4FF7CE6B4158C96C60468385D4CD1DD9D3D7A92BBCCB1310FDBA63EEB5269D9857801D9361519541CC78C221D8C1DDF533B064ED40A4EFFDED65475
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A24E1E15-F7BE-11EA-90E8-ECF4BBEA1588}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 19032
Entropy (8bit): 1.5836332489591933
Encrypted: false
MD5: 6BCCA7E68A0850216D1A6E4BC8D123BB
SHA1: 169352C1247CF232507F9A9D6BBFC0718EACF0C2
SHA-256: 477AE947E540B593C56D8493477A93018F6F40FAAA59BB9AB291CFFFDD18040E
SHA-512: F5FE8A2C11FFEE465BF7DFF72A242548B453EC40DAFFC3FA81DE72AB32CBDBEA98CDA5FC988C6050B1605A6D67D37636F953DB9972BE06A93CEEDADA7873B38D
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.084409096049204
Encrypted: false
MD5: CF1C572BC4E300A119432129F5F519A0
SHA1: 7F39401DFA0713FF9103F8A95D03175FB6B46B09
SHA-256: A5E84A571473B2B882D871A8DF6114FADE31C100355C42DD4B7A304E35864259
SHA-512: 74316EB261B73D3EA4F92C458D81B937B1EDBCD12002E14FD46B0E912AE938EE62AF62B46422DC727201CDCA21680F15FCC47C3047184D82ACA9505A1E22B684
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x791c6171,0x01d68bcb</date><accdate>0x791c6171,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x791c6171,0x01d68bcb</date><accdate>0x791c6171,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.13743418283882
Encrypted: false
MD5: 0C9EC6BBFBD7FEEA85D58FCBD8A25B48
SHA1: 328FAAB5451D4FB4CD47246691B59EE3B20177B1
SHA-256: 6137BAE32619EEC3F06A3A3474B1416FFE299557B49FE5B52ECD7312EA29BFE4
SHA-512: 33A1CE3775C4D226CF5EEB349183A2A3C56C93DBE47867ACA0C3C92EC74DBE98515D0D62ABB7DE479C6799E4E791DC2FFC3B032CBC7D0A151E009AAA975E1558
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x790489ec,0x01d68bcb</date><accdate>0x790489ec,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x790489ec,0x01d68bcb</date><accdate>0x7906ec42,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 662
Entropy (8bit): 5.1048169198669635
Encrypted: false
MD5: 19D71201B2B81DBE38DDEDDD0DA881B4
SHA1: D631AF7BDCE700712B07270660B1B4291AD348CD
SHA-256: 6926896C2A76157D685739D7DAFC9D9EC04664B5DBE5DF6AE675C2F6C1E9D053
SHA-512: 0C641E01B06C09C426C9DFC0B71360B7FB7C71A5BEFCA899DC2FE58E4DECBCB9B89F45E1A2174C2F564306981FD5970DFD0B4410860349159C41B551EA41A50F
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x791c6171,0x01d68bcb</date><accdate>0x791c6171,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x791c6171,0x01d68bcb</date><accdate>0x791c6171,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 410
Entropy (8bit): 5.166001961014589
Encrypted: false
MD5: CE3080C498C81561C8F694307C613141
SHA1: 656A5A5D42ABE13431B9D5C6EA31FCF823B20363
SHA-256: 2AF3691D90991CD473900FBDE666F557DB9B2B638934D6FCE527F78F4706408C
SHA-512: 3F5634444747D18EF8D44C3BD2E7F542B9C492A48BEA5CCF6D065A5F90E0FDBC2A428B9E939C0249800D00561EBC0A3BD4BD59FEE7C7570B7011A4F875B1371A
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://go.microsoft.com/fwlink/p/?LinkId=255142"/><date>0x259f0d0f,0x01d52d14</date><accdate>0x790bb111,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Bing.url"/><selection>\lowres.png</selection></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 647
Entropy (8bit): 5.1041243066665665
Encrypted: false
MD5: 286C08E8B0F9EEA328365BE2C66E2C23
SHA1: E7BEDDE2C284A53EFBB57D834E5DE7C009061339
SHA-256: 3BC61BC85D6833C66C9D6C52CF6D277F0523E0EFB0ACBA7ADC5B4CF1E9AA5083
SHA-512: 77805E77512AB3C65F5D6F7FF6C8EF7F26BAD68ABF0EB99673537302A0CB7822F0722A808CBD9B81791C2E01AE9EA16D0345EA91744419994F3FD70DE71D749F
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x79179cc8,0x01d68bcb</date><accdate>0x79179cc8,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x79179cc8,0x01d68bcb</date><accdate>0x79179cc8,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.11182969463792
Encrypted: false
MD5: A114615727E488C4EB8E7A511BC720F6
SHA1: 48830EE3E1DC0B66D20711C572B5779ED295CB94
SHA-256: 255B46B0BAFA55AB8317CB975159C564F1DCE4A1C8A2FF6DEA89EE609CD311A0
SHA-512: 81734E52B8BFC2ED9B91521E662A1DECD5043A520DB13AC48CC7A8AE6E1239226EAF1A2825D2851AE5376BE6EAF5FDC16B0E1D1637720E146FB450C45C5910B5
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x791ec3d6,0x01d68bcb</date><accdate>0x791ec3d6,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x791ec3d6,0x01d68bcb</date><accdate>0x791ec3d6,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.088127585935523
Encrypted: false
MD5: 192FD5FDED66C58607AD80D914168F8C
SHA1: 0C90F8BADB49352824BC5F3FA71F554B4B1A49B0
SHA-256: 5E762C2E57BDB72B57E2F6C9D97F2E2D041AD68F98BACC9FD7F50ED2D6F170CD
SHA-512: 22F119AE5AC7DCC814A2E104673BC58D10BED135A5A9CDC731A7A7E8AC805182D4C210481966B8EE2792BAAF686E360EEE67686535602B0E37E7BD80E40F5A35
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x791c6171,0x01d68bcb</date><accdate>0x791c6171,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x791c6171,0x01d68bcb</date><accdate>0x791c6171,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.128369826228533
Encrypted: false
MD5: 568678ABCA3C85844BCA7A4E9DAEA458
SHA1: 10AD3EC8654BA96B94DFD5CB7EB07E3FB6D8771D
SHA-256: 25402E91CB6699F784EEC5E5CB00FBE23AF112F5CC7BD3DFEAB6FA8EF1E88B1C
SHA-512: 9FC2C46D28692908A8D67DF2FD59C3A720971FF4A39E42738499D6425BAF37BC1492F51B76370D5A141C07D58D15A16534CD7565150AA3CFFC9E254613649778
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x79179cc8,0x01d68bcb</date><accdate>0x79179cc8,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x79179cc8,0x01d68bcb</date><accdate>0x79179cc8,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 659
Entropy (8bit): 5.10889016178522
Encrypted: false
MD5: 28FA91DDDA844C239FA6CE370A812051
SHA1: 58796E822BF2C775AA35368F01A5A78E8EA86891
SHA-256: FA8C0627F1725DCFB857641CD27184E7FACE3C7189BBEDBCA2FC5B19632BD392
SHA-512: 2D1F2D47D0C9C863DCAD699BFB0151E8BEB2279BF41C133F842D4D3A8216AEEEFD842888138333209B6C0CD7DB9BE23644DB00D7F66B74CDCE4EAD3497894328
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x790e1363,0x01d68bcb</date><accdate>0x790e1363,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x790e1363,0x01d68bcb</date><accdate>0x79153a5a,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.098074218984521
Encrypted: false
MD5: 73BF9EB680B2E098AF746DB73DE67305
SHA1: A6B25DA854A358D50384FF48A95502CF8BE54362
SHA-256: 43A2CB5C24D381742C4DAEE3ECED210FBF8D8F2DEB5F00378230CAF2D454507D
SHA-512: E015414A545135B9ACEF8333BA505BCBADAC853542F24E9FB522571557E2096DE185A3D799DE5F5EB9C2C9DB5413053D5EB98C5F9C8A56947068DF159B397676
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x79153a5a,0x01d68bcb</date><accdate>0x79153a5a,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x79153a5a,0x01d68bcb</date><accdate>0x79153a5a,0x01d68bcb</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Size (bytes): 5736
Entropy (8bit): 2.166986963437441
Encrypted: false
MD5: BD6B53ABAC99207AC3D194ECE491B7A3
SHA1: E1582042522CA46AB3C946C4E8738F5B1103F735
SHA-256: 5314699A897741E5881A2A2F2F1A8A2D3EFCE3C31B5FD7F746AC3C3A29A7672E
SHA-512: 634AA4190E3619F1442B114473679506426A0757FFD001B35BDF3A9A664F8C80A141C5B7329243F7B74A45961472DDE9BE4565DAFF5EFE8333E168D7FF8A9FFB
Malicious: false
Reputation: low
Preview: https://www.google.com/images/icons/product/sites-16.ico (followed by binary icon data)
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\allthemes-view[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 2225
Entropy (8bit): 4.5074157444177105
Encrypted: false
MD5: 0CE4597C3D5C4B16737347634F71EEA7
SHA1: 6A14E51B59036EF6F598133231C2C98EBCEBD174
SHA-256: 3CA333C8F9FB68D7B657F593D01059FF8B060126E5BD21644CF1A554BB1C920F
SHA-512: 2C4694689DDA053490AE8260DA2EC135E892A2222D0732DE55CEA3D3483350BE37D81941693D409A76AAA49E6C189950A68D509879EE07D74290565E80AF75C5
Malicious: false
Reputation: low
IE Cache URL: https://sites.google.com/site/id500382349/_/rsrc/1599117977000/system/app/css/camelot/allthemes-view.css
Preview:.goog-tree-row{padding-bottom:8px}.goog-tree-row .goog-tree-item-label{vertical-align:bottom}.goog-tree-row .goog-tree-icon,.goog-tree-root>.goog-tree-row .goog-tree-icon{background:url('../../images/camelot.png') no-repeat;margin-left:6px}.goog-tree-root>.goog-tree-row .goog-tree-icon{background-position:-208px 0;margin-left:2px;height:15px;width:15px;position:relative;top:-1px}.goog-tree-row .goog-tree-file-icon,.goog-tree-row .goog-tree-expanded-folder-icon,.goog-tree-row .goog-tree-collapsed-folder-icon,.sites-delete-items-subtree .goog-tree-root>.goog-tree-row .goog-tree-icon{margin-left:0;width:0}div .goog-tree-row .goog-tree-expand-icon-tplus,div .goog-tree-row .goog-tree-expand-icon-tminus,div .goog-tree-row .goog-tree-expand-icon-lplus,div .goog-tree-row .goog-tree-expand-icon-lminus{width:11px;margin-left:5px}div .goog-tree-row .goog-tree-expand-icon-t,div .goog-tree-row .goog-tree-expand-icon-l{background-position:-275px 0;width:8px;margin-left:8px}.site-rtl div .goog-tree-r
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\background_gradient[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
Size (bytes): 453
Entropy (8bit): 5.019973044227213
Encrypted: false
MD5: 20F0110ED5E4E0D5384A496E4880139B
SHA1: 51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
SHA-256: 1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
SHA-512: 5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\camelot[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 842 x 17, 8-bit/color RGBA, non-interlaced
Size (bytes): 3827
Entropy (8bit): 7.897599275600258
Encrypted: false
MD5: 5B8D3E2247DD46B3C38304417E37EEEB
SHA1: 336776F4039D1CE46A76C31C78CC514AADB78C69
SHA-256: 249F0F77045CAF964DC7728262B357F7EC91BBA35B6FB9E3BBCC053088A73640
SHA-512: 263A99C0567EFA684D205A0DB74CF8D714F5CEE84D954231A732AF93E2EB67B923D59AAE79DBDFD959F9D839A103FE3FBBA79A48FB86F075F93E1671D52E84D2
Malicious: false
Reputation: low
IE Cache URL: https://ssl.gstatic.com/sites/p/874be4/system/app/images/camelot.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\errorPageStrings[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes): 4720
Entropy (8bit): 5.164796203267696
Encrypted: false
MD5: D65EC06F21C379C87040B83CC1ABAC6B
SHA1: 208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256: A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512: 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious: false
Reputation: low
Preview:.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\jot_min_view__en[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 316039
Entropy (8bit): 5.447881784379425
Encrypted: false
MD5: 0DD58F1BBF5E9AEB53EE139C817E3E62
SHA1: 6326C193E97F57AF07EED2212A64BE8572183E43
SHA-256: C5730DC7D6FC2464179F63CFF7A850349A924F7C49719FEAB1E31F7E1931CAFA
SHA-512: 12DD27C919D2302DC3F952CD111301D295DF26F2B314CC88A69A2593A456554F413270A37A20E59992FEA5F4248AF92C8741DAFFDF867601128AB6DF8253B473
Malicious: false
Reputation: low
IE Cache URL: https://ssl.gstatic.com/sites/p/874be4/system/js/jot_min_view__en.js
Preview:/* Copyright 2008 Google. */ (function() { /*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var aa=" apps-actiondatawidget-content-element",ba='" class="',ca='" tabindex="0" role="button">',d='">',da='"></div>',ea='"><a target="keyboard_shortcuts_help_window" href="',fa='"><div class="',ha='"><span id="',ia='"><table cellpadding="0" class="',ja="' of type ",ka="-caption",la="-content",ma="-default",na="-disabled",pa="-dropdown",qa="-inner-box",ra="-outer-box",sa="</div>",ta="</h3></th></tr>",ua="</td></tr>",va='</td><td class="',wa='<div class="',xa='<span aria-label="',ya='<span class="',.za='<tr><td class="',Aa='<tr><th colspan="2"><h3 class="',Ba="Application",Da="BUTTON",Ea="CSS1Compat",Fa="CSS_APP_TABLE",Ga="CSS_SHORTCUTS_HELP_POPUP_CONTENT_ELEMENT",Ha="CSS_SHORTCUTS_HELP_POPUP_CONTENT_HEADER",Ia="CSS_SHORTCUTS_HELP_POPUP_HEADER_TABLE_ELEMENT",Ja="CSS_SHORTCUTS_HELP_POPUP_TEAROFF_LINK",Ka="Compatible spreadsheet shortcut",La="Component already re
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\overlay[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 2790
Entropy (8bit): 4.553469987986986
Encrypted: false
MD5: D1FCCD26A463FAFD6C91780EB768A16B
SHA1: B75C0A6AD11127049B83EFE09DE40F44C4A53C3C
SHA-256: 1FF941D5340A2E53989931C6A0B91C21315E234CC52E68E62DBD72B3C861AC1C
SHA-512: 752F90B962FB63AE35C5624268A1A8AFFCC59759E441F4856E54D06B1FB40B7B7113735136E89872532F845505BDBEA0CFD7336D3FA0E152D115EB62968B9AB9
Malicious: false
Reputation: low
IE Cache URL: https://sites.google.com/site/id500382349/_/rsrc/1599117977000/system/app/css/overlay.css?cb=microlite1a150goog-ws-nonenone30themedefaultstandard
Preview:.sites-chrome-header-valign-top{vertical-align:top!important}.sites-chrome-header-valign-top h2 a{vertical-align:top!important}.sites-chrome-header-valign-top h2 a img{vertical-align:top!important}.sites-layout-searchbox .sites-chrome-header-valign-top{vertical-align:top!important}#sites-chrome-everything #sites-chrome-header .sites-logo.sites-chrome-header-valign-top{float:none}.sites-chrome-header-valign-bottom{vertical-align:bottom!important}.sites-chrome-header-valign-bottom h2 a{vertical-align:bottom!important}.sites-chrome-header-valign-bottom h2 a img{vertical-align:bottom!important}.sites-layout-searchbox .sites-chrome-header-valign-bottom{vertical-align:bottom!important}#sites-chrome-everything #sites-chrome-header .sites-logo.sites-chrome-header-valign-bottom{float:none}.sites-chrome-header-valign-middle{vertical-align:middle!important}h2 a .sites-chrome-header-valign-middle{vertical-align:middle!important}h2 a img .sites-chrome-header-valign-middle{vertical-align:middle!impo
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\rpc[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 24457
Entropy (8bit): 5.371008401416112
Encrypted: false
MD5: B434B7E86C2C528F720C217006FB80FB
SHA1: E71CD371BB4E94BDCCB6BF85CEC8C8ABEA2DE339
SHA-256: 8A9977AB6CB178753C6CEEDE4125A3D771757BF835824028C2E4446331B8415F
SHA-512: DFB88497331469AB01A5E4E3FFAAC630AC0E04FEE2910A437B4A56865E145598789AACE493874466E0AC9A687B3CE3F888E56CE20C6FE24E673F8AE5CB0C7AAE
Malicious: false
Reputation: low
IE Cache URL: https://www-sites-opensocial.googleusercontent.com/gadgets/js/rpc.js?container=enterprise&nocache=0&debug=0&c=1&v=e7d0babcaee54af0bb39e14e45519bdd&sv=10
Preview:window['___jsl'] = window['___jsl'] || {};(window['___jsl']['ci'] = (window['___jsl']['ci'] || [])).push({"rpc":{"disableForceSecure":true,"passReferrer":"p2c:query","parentRelayUrl":"/rpc_relay.html"}});window['___jsl']=window['___jsl']||{};(window['___jsl']['ci'] = (window['___jsl']['ci'] || [])).push({"rpc":{"disableForceSecure":true,"passReferrer":"p2c:query","parentRelayUrl":"/rpc_relay.html"}});./* [start] feature=taming */.var safeJSON=window.safeJSON;.var tamings___=window.tamings___||[];.var bridge___;.var caja___=window.caja___;.var ___=window.___;;../* [end] feature=taming */../* [start] feature=gapi-globals */.var gapi=window.gapi||{};gapi.client=window.gapi&&window.gapi.client||{};.;.;../* [end] feature=gapi-globals */../* [start] feature=globals */.var gadgets=window.gadgets||{},shindig=window.shindig||{},osapi=window.osapi=window.osapi||{};.;../* [end] feature=globals */../* [start] feature=core.config.base */.window['___cfg'] = window['___cfg'] || window['___gcfg'];;.if
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\share[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Size (bytes): 20860
Entropy (8bit): 5.332971777452247
Encrypted: false
MD5: 851DFB04207A2C9D15BAD5DAEA81376E
SHA1: 256770112C628276A21330CC8E61B2327A7CA1AB
SHA-256: 9F47EDD20B859428897F000A83AE46036A131DA558C867F64B49ECE62756EFF8
SHA-512: 949427A6F3667B3B3DEFE91E8502072387B828A5CED3D80FC7C763D0EA46C86C0D0078662743DEF7636087D0C813E668255A04B1F3E8E853AD7C23D5E5D81C8F
Malicious: false
Reputation: low
IE Cache URL: https://sites.google.com/site/id500382349/googledrive/share
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/WebPage">.<head>.<meta http-equiv="content-type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="chrome=1" />.<script type="text/javascript">/* Copyright 2008 Google. */ (function() { /*..Copyright The Closure Library Authors..SPDX-License-Identifier: Apache-2.0.*/.(function(){function e(g){this.t={};this.tick=function(h,k,f){this.t[h]=[void 0!=f?f:(new Date).getTime(),k];if(void 0==f)try{window.console.timeStamp("CSI/"+h)}catch(m){}};this.getStartTickTime=function(){return this.t.start[0]};this.tick("start",null,g)}var a;if(window.performance)var d=(a=window.performance.timing)&&a.responseStart;var l=0<d?new e(d):new e;window.jstiming={Timer:e,load:l};if(a){var b=a.navigationStart;0<b&&d>=b&&(window.jstiming.srt=d-b)}if(a){var c=window.jstiming.load
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\standard-css-microlite-ltr-ltr[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 193539
Entropy (8bit): 5.067860958241399
Encrypted: false
MD5: 10F8EB1603E72A02F45D168CD1728723
SHA1: D432E49253BDCAE6AE5408F06B223C1C40D6504B
SHA-256: FCEA28CF7BE5609AEA3A506104118ECAE08B5FAE22768EB70E1312C3E53575D6
SHA-512: 7411F3421B24B8D87F09AD4B1232503706A588F9ACEDBCDD64DB6B1221377D04399C5306A0858993DDFF02DA2295E0C1F638251FD8EED7ED121D3191B417F526
Malicious: false
Reputation: low
IE Cache URL: https://ssl.gstatic.com/sites/p/874be4/system/app/themes/microlite/standard-css-microlite-ltr-ltr.css
Preview:/* Copyright 2020 Google Inc. All Rights Reserved. */..goog-tab{position:relative;padding:4px 8px;color:#00c;text-decoration:underline;cursor:default}.goog-tab-bar-top .goog-tab{margin:1px 4px 0 0;border-bottom:0;float:left}.goog-tab-bar-top:after,.goog-tab-bar-bottom:after{content:" ";display:block;height:0;clear:both;visibility:hidden}.goog-tab-bar-bottom .goog-tab{margin:0 4px 1px 0;border-top:0;float:left}.goog-tab-bar-start .goog-tab{margin:0 0 4px 1px;border-right:0}.goog-tab-bar-end .goog-tab{margin:0 1px 4px 0;border-left:0}.goog-tab-hover{background:#eee}.goog-tab-disabled{color:#666}.goog-tab-selected{color:#000;background:#fff;text-decoration:none;font-weight:bold;border:1px solid #6b90da}.goog-tab-bar-top{padding-top:5px!important;padding-left:5px!important;border-bottom:1px solid #6b90da!important}.goog-tab-bar-top .goog-tab-selected{top:1px;margin-top:0;padding-bottom:5px}.goog-tab-bar-bottom .goog-tab-selected{top:-1px;margin-bottom:0;padding-top:5px}.goog-tab-bar-start
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\downloads[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Size (bytes): 21267
Entropy (8bit): 5.335830136584567
Encrypted: false
MD5: F2A3BBC47F820ECE4E7EB08EAC524AA6
SHA1: BC0CC9F5DECC0B8CA641D46234498B2AD8F9C274
SHA-256: 8EBCB72C5312EE90990282954196AFAADEE2C0846170676BACE30BE09EE039FD
SHA-512: ED3DCC880872D7B9D4392F596F672F8B7A6B4D797B5BA32C38309146F3B368C2262997064A918C363879723949E5791791AA2011708160569D967E659A8C9888
Malicious: false
Reputation: low
IE Cache URL: https://sites.google.com/site/id500382349/googledrive/share/downloads
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/WebPage">.<head>.<meta http-equiv="content-type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="chrome=1" />.<script type="text/javascript">/* Copyright 2008 Google. */ (function() { /*..Copyright The Closure Library Authors..SPDX-License-Identifier: Apache-2.0.*/.(function(){function e(g){this.t={};this.tick=function(h,k,f){this.t[h]=[void 0!=f?f:(new Date).getTime(),k];if(void 0==f)try{window.console.timeStamp("CSI/"+h)}catch(m){}};this.getStartTickTime=function(){return this.t.start[0]};this.tick("start",null,g)}var a;if(window.performance)var d=(a=window.performance.timing)&&a.responseStart;var l=0<d?new e(d):new e;window.jstiming={Timer:e,load:l};if(a){var b=a.navigationStart;0<b&&d>=b&&(window.jstiming.srt=d-b)}if(a){var c=window.jstiming.load
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\hierarchy[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Size (bytes): 21230
Entropy (8bit): 5.321578399197326
Encrypted: false
MD5: C1CA13F1493756E66DDFFFBAAFAC6C64
SHA1: 8F5032A5BA88D09330ED342298B5E869EDC2F6EF
SHA-256: 6C8C18AD67BED52C68DD17C0E4F667AF22C83A78041B4EA0C3E3FC2491BB616F
SHA-512: F6698A5FABE84CFA2745A62261BDBEF62FA68B65F93A1EB14C702FAF865670A3280D0E323F6F5A101261E5BF00E50446954EFDB953C562481A44FA9CCC701EAE
Malicious: false
Reputation: low
IE Cache URL: https://sites.google.com/site/id500382349/system/app/pages/sitemap/hierarchy
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/WebPage">.<head>.<meta http-equiv="content-type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="chrome=1" />.<script type="text/javascript">/* Copyright 2008 Google. */ (function() { /*..Copyright The Closure Library Authors..SPDX-License-Identifier: Apache-2.0.*/.(function(){function e(g){this.t={};this.tick=function(h,k,f){this.t[h]=[void 0!=f?f:(new Date).getTime(),k];if(void 0==f)try{window.console.timeStamp("CSI/"+h)}catch(m){}};this.getStartTickTime=function(){return this.t.start[0]};this.tick("start",null,g)}var a;if(window.performance)var d=(a=window.performance.timing)&&a.responseStart;var l=0<d?new e(d):new e;window.jstiming={Timer:e,load:l};if(a){var b=a.navigationStart;0<b&&d>=b&&(window.jstiming.srt=d-b)}if(a){var c=window.jstiming.load
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\home[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 19494
Entropy (8bit): 5.321831300688893
Encrypted: false
MD5: 5ED24E184D8EFCA442EBF81203A950C7
SHA1: 815E61267E7A6FB33A73CD1E0F321AB6FE35C895
SHA-256: BA7FF3BD23C7E58536190A203CD29E22D0EB00E0EA3206A21F9FC0F757D19376
SHA-512: 716FDC5D03BCE8374ECE90CE44216F8A0D6D9E505C73979145CF94DC6DEEDF01B8D6EF46AB21547FE68C73CDCA4C1E01D6FDBD519E03938B42396F982C0AE682
Malicious: false
Reputation: low
IE Cache URL: https://sites.google.com/site/id500382349/home
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/WebPage">.<head>.<meta http-equiv="content-type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="chrome=1" />.<script type="text/javascript">/* Copyright 2008 Google. */ (function() { /*..Copyright The Closure Library Authors..SPDX-License-Identifier: Apache-2.0.*/.(function(){function e(g){this.t={};this.tick=function(h,k,f){this.t[h]=[void 0!=f?f:(new Date).getTime(),k];if(void 0==f)try{window.console.timeStamp("CSI/"+h)}catch(m){}};this.getStartTickTime=function(){return this.t.start[0]};this.tick("start",null,g)}var a;if(window.performance)var d=(a=window.performance.timing)&&a.responseStart;var l=0<d?new e(d):new e;window.jstiming={Timer:e,load:l};if(a){var b=a.navigationStart;0<b&&d>=b&&(window.jstiming.srt=d-b)}if(a){var c=window.jstiming.load
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\host[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 191554
Entropy (8bit): 5.523143819457407
Encrypted: false
MD5: 20EB18C5E06A1A404303875DEC6D017F
SHA1: 3AC308ECEEF1AAEF70C70BA135F4FA52803FE3F6
SHA-256: FD8CC606DAAD49676667896FC31D5C8C8A035B5D0AE7D5D9E14F21B0965320B0
SHA-512: 35EAFB71E9EE437DE482DF00DADC147A3C4893A78FE1A09B5ABDC0E0A7DA5C6524C0836B8E88150BB9E5E6C8E139CDCD6CDC8E6C1101033C16280C0F71D10CC9
Malicious: false
Reputation: low
IE Cache URL: https://93.docs.google.com/comments/d/AAHRpnXsyO8Rt87TTHQ1KkSdlmryUGQwWh_QUibS3uu5-JbCdq2Y1PssUXeNhziBl9XnxxrvKHb87yjwk6b_PxwQBCjYgbJBixc1OLt2hq1J3_sIenq6UZrQdDq3ndd5R8ke0Jc9PECWL/js/host?token
Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var aa="//www.google.com/images/cleardot.gif",ba="CUSTOM",ca="Client failure. ",da="Component already rendered",ea="Content-Type",fa="Create session failed",ha="Creating session",ia="DIV",ja="Edge",la="Error in protected function: ",ma="GuidedHelpResume",na="Invalid listener argument",oa="Not available",pa="Opera",qa="POST",ra="SCRIPT",sa="SETUP",ta="SETUP_ACK",ua="SETUP_ACK_NTPV2",va="Symbol.iterator",wa="Transient error",xa="Trying to send a request without a request sender for - ",ya="Unable to set parent component",.za="X-Goog-Upload-Status",Aa="about:invalid#zClosurez",Ba="absolute",Ca="activedescendant",Da="aria-activedescendant",Ea="arraybuffer",Fa="base64",Ga="boolean",Ha="border-box",Ia="checked",Ja="complete",Ka="contextmenu",La="crosswindowmessaging.channel",Ma="document",h="function",Na="goog-inline-block ",Oa="goog-menu-button",Pa="goog-menuheader",Qa="goog-menuseparator",Ra="go
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\ifr[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 19830
Entropy (8bit): 5.4407794192913155
Encrypted: false
MD5: 1E8C29B2F4E11D89A62EA8AD7585AD94
SHA1: B0E8B28C08BDB50346BCF2DB1E895BDCDB684EFD
SHA-256: B0B3DBF6EB94D9AF925DCEF11147609DEC7A47E18A0320F98A51FD9FDD226891
SHA-512: 3754BB01EB54F4A8A96D5CA9E2A048EB6E5DF277FF457C581469EA19601BD061EC2449E635436A2E0084565FDDB8CEB828FAD50E173AA3F891B6A4ED61475F6E
Malicious: false
Reputation: low
IE Cache URL: https://tal2tot4uenli8d3lphbjvrrl237cfes-a-sites-opensocial.googleusercontent.com/gadgets/ifr?url=hosting.gmodules.com/ig/gadgets/file/106581606564100174314/iframe.xml&container=enterprise&view=default&lang=en&country=ALL&sanitize=0&v=875834562a0de6ec&libs=core:dynamic-height&mid=66&parent=https://sites.google.com/site/id500382349/googledrive/share/downloads/storage
Preview:<html><head><script>(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.(function(){function e(g){this.t={};this.tick=function(h,m,f){var n=void 0!=f?f:(new Date).getTime();this.t[h]=[n,m];if(void 0==f)try{window.console.timeStamp("CSI/"+h)}catch(q){}};this.getStartTickTime=function(){return this.t.start[0]};this.tick("start",null,g)}var a;if(window.performance)var d=(a=window.performance.timing)&&a.responseStart;var p=0<d?new e(d):new e;window.jstiming={Timer:e,load:p};if(a){var b=a.navigationStart;0<b&&d>=b&&(window.jstiming.srt=d-b)}if(a){var c=window.jstiming.load;.0<b&&d>=b&&(c.tick("_wtsrt",void 0,b),c.tick("wtsrt_","_wtsrt",d),c.tick("tbsd_","wtsrt_"))}try{var k=window.top!=window.self,l=window.location.href;a=null;window.chrome&&window.chrome.csi&&(a=Math.floor(window.chrome.csi().pageT),c&&0<b&&(c.tick("_tbnd",void 0,window.chrome.csi().startE),c.tick("tbnd_","_tbnd",b)));null==a&&window.gtbExternal&&(a=k?window.gtbExternal.frameT(l)
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\info_48[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
Size (bytes): 4113
Entropy (8bit): 7.9370830126943375
Encrypted: false
MD5: 5565250FCC163AA3A79F0B746416CE69
SHA1: B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
SHA-256: 51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
SHA-512: E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\js[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 1106260
Entropy (8bit): 5.576425766974725
Encrypted: false
MD5: 66B8F3CB8EF2D9E99068803156D54F1A
SHA1: 4B043F0C309071F07A8F29EC7F4EFD66D5EB4A9C
SHA-256: 51A5ABC3783E773FBB4245C50C4550383D6CA32FD35A91B42D7E79649015B643
SHA-512: 267D579F71D353F4F123DA727D9373811D310BA69A6467723FDCC77D8A2071D91C909E5613FC28F67E61B830C5641FC471A24BB553D80A627B1D6444F6E4710E
Malicious: false
Reputation: low
IE Cache URL: https://docs.google.com/comments/d/AAHRpnXsyO8Rt87TTHQ1KkSdlmryUGQwWh_QUibS3uu5-JbCdq2Y1PssUXeNhziBl9XnxxrvKHb87yjwk6b_PxwQBCjYgbJBixc1OLt2hq1J3_sIenq6UZrQdDq3ndd5R8ke0Jc9PECWL/api/js?anon=true&pref=2
Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ba=' class="',ca=' data-hovercard-id="',da=' data-name="',ea=' dir="ltr"><div class="',fa=" not supported",ha='" aria-hidden="true">•</div>',ia='" aria-hidden="true">•</div><div class="',ja='" aria-hidden="true"></div></div>',ka='" class="',la='" role="button" tabindex="0" title="',ma='" role="button" tabindex="0">',na='" role="heading">',oa='" style="display: none">',pa='" style="display: none"></div>',qa='" style="display: none"></div><div class="',ta='" style="display: none"><div class="',.ua='" style="display:none"></span></div>',va='" style="width: ',wa='"/><label for="',g='">',xa='"></div>',ya='"></div></div>',za='"></div></div></div>',Aa='"></div></div></div><div class="',Ba='"></div></div><div class="',Ca='"></div><div class="',Da='"><div class="',Ea='"><span class="',Fa='"><table><tr><td class="',Ga="#d6MZcd",Ha="+1 this comment",Ia="+redo",Ja="+undo",Ka="-dcs-bh",La="
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\navcancl[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes): 2713
Entropy (8bit): 4.1712007174415895
Encrypted: false
MD5: 4BCFE9F8DB04948CDDB5E31FE6A7F984
SHA1: 42464C70FC16F3F361C2419751ACD57D51613CDF
SHA-256: BEE0439FCF31DE76D6E2D7FD377A24A34AC8763D5BF4114DA5E1663009E24228
SHA-512: BB0EF3D32310644285F4062AD5F27F30649C04C5A442361A5DBE3672BD8CB585160187070872A31D9F30B70397D81449623510365A371E73BDA580E00EEF0E4E
Malicious: false
Reputation: low
Preview:.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html>.... <head>.. <link rel="stylesheet" type="text/css" href="res://ieframe.dll/ErrorPageTemplate.css" />.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.... <title>Navigation Canceled</title>.... <script src="res://ieframe.dll/errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="res://ieframe.dll/httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:navCancelInit(); ">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="res://ieframe.dll/info_48.png" id="infoIcon" alt="Info icon">..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\sites-16[1].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size (bytes): 5430
Entropy (8bit): 1.8780892524229225
Encrypted: false
MD5: 4AA8578194259BE060C3720E63E479D5
SHA1: 47A3F3BCB90A64C6B8F54247F9798D0DD7B4AD8C
SHA-256: 5E735E6799CBF83EAF812A4A576FE6ACBC88728B609C2195B30FF84DFE24ABC7
SHA-512: 2676EB950A787E3BD4DD5185EBA80779E3FA3F781F6F9620C90B664CCF749CDF1FDA04F84A255744E2D22DD72B52C9406EEE3369B2336D3B7DACFF26D8D74494
Malicious: false
Reputation: low
IE Cache URL: https://www.google.com/images/icons/product/sites-16.ico
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ErrorPageTemplate[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes): 2168
Entropy (8bit): 5.207912016937144
Encrypted: false
MD5: F4FE1CB77E758E1BA56B8A8EC20417C5
SHA1: F4EDA06901EDB98633A686B11D02F4925F827BF0
SHA-256: 8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
SHA-512: 62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
Malicious: false
Reputation: low
Preview:.body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\I-ltr[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 19 x 16, 1-bit colormap, non-interlaced
Size (bytes): 156
Entropy (8bit): 5.111825357233761
Encrypted: false
MD5: 756573A38596F5CB2A9442B9BE899818
SHA1: 4876A0EA3A799F87CF6B289150B407396641F52B
SHA-256: B15A0563AF7BE6A8AA2CCBA2C79F7C9AAC38DD569E91048456EE45404B23EA1A
SHA-512: 0A893FC014EFBF17E5C0E7C6FEB202F41A4636A5E2083DD45C928AE13771B0FE4B87603C0C6DCEB4B9C943A3B5FCAED2C8E5B8F21495C6607E7048C85FA1C26C
Malicious: false
Reputation: low
IE Cache URL: https://ssl.gstatic.com/sites/p/874be4/system/app/images/I-ltr.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\arrow_drop_down_black_24dp[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
Size (bytes): 119
Entropy (8bit): 5.814957860914293
Encrypted: false
MD5: 8B3CD55119F7B68259B4E2641EAADE67
SHA1: 9AA4C66C429459BFCAA5EB703BC66B1C7B27BF67
SHA-256: C2400587512148D67ACEA10A41F7AAFB81F61D88009E3530EBC81E2F446504FD
SHA-512: A32B2B5FF3F87E66D3A453540A9C65449A2BFF915E0DC067874DB67DAC04BF54FBE94FDDB72811B1728F00930F2F15AA204E7BDD234D4012B8C8798B30685566
Malicious: false
Reputation: low
IE Cache URL: https://ssl.gstatic.com/images/icons/material/system/2x/arrow_drop_down_black_24dp.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\bullet[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Size (bytes): 447
Entropy (8bit): 7.304718288205936
Encrypted: false
MD5: 26F971D87CA00E23BD2D064524AEF838
SHA1: 7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
SHA-256: 1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
SHA-512: C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\cb=gapi[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 308915
Entropy (8bit): 5.522199577071377
Encrypted: false
MD5: 8B773C71FB35982D018A9EA47AFC9C3D
SHA1: 8088F90986012147830CAED261FB0B47DCA4D18C
SHA-256: 56C0E58BA16FF5C2FF98EC98CBA21990666E9B0028323D039D300D881CF86D68
SHA-512: 801B19A2C197157ACF566DD184710E991399E3CD6866CF1AD15754CB1A4A2A0E9E42AEEC9F6DD40DD93D4A245E1FF49B6C0F2CE339014A1F533BAAFF8A196FAB
Malicious: false
Reputation: low
IE Cache URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.hc3rLxj9u8o.O/m=client/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMtAagp6kGxB19Nep_bTJunj37kww/cb=gapi.loaded_0
Preview:/* JS */ gapi.loaded_0(function(_){var window=this;./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ja,ma,ta,wa,ya,Ba,Ia,Oa;_.ca=function(a){return function(){return _.aa[a].apply(this,arguments)}};_._DumpException=function(a){throw a;};_.aa=[];ja=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ma="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.ta=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};wa=ta(this);ya=function(a,b){if(b)a:{var c=wa;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ma(c,a,{configurable:!0,writable:!0,value:b})}}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\core_dynamic-height[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 63620
Entropy (8bit): 5.533542275178059
Encrypted: false
MD5: 1666FAA0FDE18009FA5251432107DF52
SHA1: 3EC0DC8586D7FF065BABE8820896C116ABFFCA1D
SHA-256: F5160A48E4498BD3637453A91DB66D748E7A10FCB8A7E6AFEDDD8F671A7420E0
SHA-512: 8CD978D5C3BD69BEB8B9CCE119B0B3F7C4F9AC57442A116C5F54FD8CC64315EDC2FFE02477A72165D1CD76D686017A4FF74E7ED83ECDC2947B9B8CD060ECE76B
Malicious: false
Reputation: low
IE Cache URL: https://www-sites-opensocial.googleusercontent.com/gadgets/js/core:dynamic-height.js?container=enterprise&nocache=0&debug=0&c=0&v=2018a9863f10adbd8aabed12351b5e7a&sv=10&jsload=0
Preview:./* [start] feature=taming */.var safeJSON=window.safeJSON;.var tamings___=window.tamings___||[];.var bridge___;.var caja___=window.caja___;.var ___=window.___;;../* [end] feature=taming */../* [start] feature=gapi-globals */.var gapi=window.gapi||{};gapi.client=window.gapi&&window.gapi.client||{};.;.;../* [end] feature=gapi-globals */../* [start] feature=globals */.var gadgets=window.gadgets||{},shindig=window.shindig||{},osapi=window.osapi=window.osapi||{};.;../* [end] feature=globals */../* [start] feature=core.config.base */.window['___cfg'] = window['___cfg'] || window['___gcfg'];;.if(!window.gadgets["config"]){gadgets.config=function(){var f;.var h={};.var b={};.function c(j,l){for(var k in l){if(!l.hasOwnProperty(k)){continue.}if(typeof j[k]==="object"&&typeof l[k]==="object"){c(j[k],l[k]).}else{j[k]=l[k].}}}function i(){var j=document.scripts||document.getElementsByTagName("script");.if(!j||j.length==0){return null.}var m;.if(f.u){for(var k=0;.!m&&k<j.length;.++k){var l=j[k];.i
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ga[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 46274
Entropy (8bit): 5.48786904450865
Encrypted: false
MD5: E9372F0EBBCF71F851E3D321EF2A8E5A
SHA1: 2C7D19D1AF7D97085C977D1B69DCB8B84483D87C
SHA-256: 1259EA99BD76596239BFD3102C679EB0A5052578DC526B0452F4D42F8BCDD45F
SHA-512: C3A1C74AC968FC2FA366D9C25442162773DB9AF1289ADFB165FC71E7750A7E62BD22F424F241730F3C2427AFFF8A540C214B3B97219A360A231D4875E6DDEE6F
Malicious: false
Reputation: low
IE Cache URL: https://ssl.google-analytics.com/ga.js
Preview:(function(){var E;var g=window,n=document,p=function(a){var b=g._gaUserPrefs;if(b&&b.ioo&&b.ioo()||a&&!0===g["ga-disable-"+a])return!0;try{var c=g.external;if(c&&c._gaUserPrefs&&"oo"==c._gaUserPrefs)return!0}catch(f){}a=[];b=n.cookie.split(";");c=/^\s*AMP_TOKEN=\s*(.*?)\s*$/;for(var d=0;d<b.length;d++){var e=b[d].match(c);e&&a.push(e[1])}for(b=0;b<a.length;b++)if("$OPT_OUT"==decodeURIComponent(a[b]))return!0;return!1};var q=function(a){return encodeURIComponent?encodeURIComponent(a).replace(/\(/g,"%28").replace(/\)/g,"%29"):a},r=/^(www\.)?google(\.com?)?(\.[a-z]{2})?$/,u=/(^|\.)doubleclick\.net$/i;function Aa(a,b){switch(b){case 0:return""+a;case 1:return 1*a;case 2:return!!a;case 3:return 1E3*a}return a}function Ba(a){return"function"==typeof a}function Ca(a){return void 0!=a&&-1<(a.constructor+"").indexOf("String")}function F(a,b){return void 0==a||"-"==a&&!b||""==a}function Da(a){if(!a||""==a)return"";for(;a&&-1<" \n\r\t".indexOf(a.charAt(0));)a=a.substring(1);for(;a&&-1<" \n\r\t".i
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\googledrive[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 20664
Entropy (8bit): 5.329787071921112
Encrypted: false
MD5: A7F8120C3276D46D11B6E3FDDEFCBFD7
SHA1: 93A9090629CB26D78DA3924F29445CF41C4A4112
SHA-256: 14D7E2941588F9F915429F641DAC8324BFBA6B836C50C91181D13B45668DE201
SHA-512: EA0BFF100A59ACF23E55D7BE63570FBAE465EE4EF7CC7DFA53022476178013FF893A6E06887737FE9C55A316F5E65F3496BCB654A9A7AA104A966500C917B6B3
Malicious: false
Reputation: low
IE Cache URL: https://sites.google.com/site/id500382349/googledrive
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/WebPage">.<head>.<meta http-equiv="content-type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="chrome=1" />.<script type="text/javascript">/* Copyright 2008 Google. */ (function() { /*..Copyright The Closure Library Authors..SPDX-License-Identifier: Apache-2.0.*/.(function(){function e(g){this.t={};this.tick=function(h,k,f){this.t[h]=[void 0!=f?f:(new Date).getTime(),k];if(void 0==f)try{window.console.timeStamp("CSI/"+h)}catch(m){}};this.getStartTickTime=function(){return this.t.start[0]};this.tick("start",null,g)}var a;if(window.performance)var d=(a=window.performance.timing)&&a.responseStart;var l=0<d?new e(d):new e;window.jstiming={Timer:e,load:l};if(a){var b=a.navigationStart;0<b&&d>=b&&(window.jstiming.srt=d-b)}if(a){var c=window.jstiming.load
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\js[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 1106260
Entropy (8bit): 5.57645950503005
Encrypted: false
MD5: F69BCA01575D2B32B21A44B45EDDDB24
SHA1: 165D8C89F157078176073CF90AAF114E4A3F7135
SHA-256: 345248F71DD5D52A2EBAD4B9FCA7C3E27533F5F743BD2FEC9B6F6AF3B9626F24
SHA-512: F773E0772F3BEAD351CC7FFCE3D3B5933E390860B10AB925ECA88114121BE826DC92B96DB48D3C6FBB75FE70515BA27571FBC17C81F9B4EC430832FD00CE306A
Malicious: false
Reputation: low
IE Cache URL: https://docs.google.com/comments/d/AAHRpnXsyO8Rt87TTHQ1KkSdlmryUGQwWh_QUibS3uu5-JbCdq-U6TXCCndcCjMbADNBg2SIauQJdC3HV98XKU5ku_uNesQf0AWAYHnQFIFf7EVedBBnXAt0Hlh34UoUYPJtloFwHTZHv/api/js?anon=true&pref=2
Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ba=' class="',ca=' data-hovercard-id="',da=' data-name="',ea=' dir="ltr"><div class="',fa=" not supported",ha='" aria-hidden="true">•</div>',ia='" aria-hidden="true">•</div><div class="',ja='" aria-hidden="true"></div></div>',ka='" class="',la='" role="button" tabindex="0" title="',ma='" role="button" tabindex="0">',na='" role="heading">',oa='" style="display: none">',pa='" style="display: none"></div>',qa='" style="display: none"></div><div class="',ta='" style="display: none"><div class="',.ua='" style="display:none"></span></div>',va='" style="width: ',wa='"/><label for="',g='">',xa='"></div>',ya='"></div></div>',za='"></div></div></div>',Aa='"></div></div></div><div class="',Ba='"></div></div><div class="',Ca='"></div><div class="',Da='"><div class="',Ea='"><span class="',Fa='"><table><tr><td class="',Ga="#d6MZcd",Ha="+1 this comment",Ia="+redo",Ja="+undo",Ka="-dcs-bh",La="
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\storage[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Size (bytes): 23055
Entropy (8bit): 5.392441322857199
Encrypted: false
MD5: B48A237EAF4644EC0A1A7B7714BD2212
SHA1: C682EB32BCF2B982D5C40192C7084C78A65B327F
SHA-256: 3C630A2CB7BCDB4F466650EA1D78C0B9238BB706533480A93A1FCEFB89650961
SHA-512: B619E4A16C6FC45FD0C3B52FDFB3B75D421A9D052C6B50799A97BB0B0D644CC927FB68044467AE27B54A3D541B2C68D2E4A78F4D5CF4778C6EEFAE108D8C8058
Malicious: false
Reputation: low
IE Cache URL: https://sites.google.com/site/id500382349/googledrive/share/downloads/storage?FID=4232244712814
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" itemscope="" itemtype="http://schema.org/WebPage">.<head>.<meta http-equiv="content-type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="chrome=1" />.<script type="text/javascript">/* Copyright 2008 Google. */ (function() { /*..Copyright The Closure Library Authors..SPDX-License-Identifier: Apache-2.0.*/.(function(){function e(g){this.t={};this.tick=function(h,k,f){this.t[h]=[void 0!=f?f:(new Date).getTime(),k];if(void 0==f)try{window.console.timeStamp("CSI/"+h)}catch(m){}};this.getStartTickTime=function(){return this.t.start[0]};this.tick("start",null,g)}var a;if(window.performance)var d=(a=window.performance.timing)&&a.responseStart;var l=0<d?new e(d):new e;window.jstiming={Timer:e,load:l};if(a){var b=a.navigationStart;0<b&&d>=b&&(window.jstiming.srt=d-b)}if(a){var c=window.jstiming.load
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\xpc[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines, with no line terminators
Size (bytes): 2178
Entropy (8bit): 5.616515783638584
Encrypted: false
MD5: 6916F76897B8621E3C95D54C787E1D10
SHA1: 3D975847CA1269F9EF6486455DC8F227265E6829
SHA-256: AF981C3592408F4A440B038F6034C5967456494E20D228DDF2E1918F731E225B
SHA-512: 66ED7583D3B72AFD15910F31E59E8278F71C2AD0E1377570A8851F27D47FCA8A506D20B7F759E618E106FACDC03EA2E82438314DC34E3036B7394ACBED4880BF
Malicious: false
Reputation: low
Preview:<!DOCTYPE html><html><head><meta http-equiv="X-UA-Compatible" content="IE=edge;"><title>Docos Host</title><script type="text/javascript" src="https://93.docs.google.com/comments/d/AAHRpnXsyO8Rt87TTHQ1KkSdlmryUGQwWh_QUibS3uu5-JbCdq2Y1PssUXeNhziBl9XnxxrvKHb87yjwk6b_PxwQBCjYgbJBixc1OLt2hq1J3_sIenq6UZrQdDq3ndd5R8ke0Jc9PECWL/js/host?token" nonce="cjJSX7LVu3GnH/9mUeNXUA"></script></head><body><script type="text/javascript" nonce="cjJSX7LVu3GnH/9mUeNXUA">var host = _docosCreateHost(["//93.docs.google.com/static/comments/client/js/3929654422-docos_binary_i18n.js",["","","","",""],0,null,null,"",[null,0],1,["Anonymous",null,"//ssl.gstatic.com/docs/common/blue_silhouette96-0.png","ANONYMOUS_105250506097979753968",1,null,1],1,"AAHRpnXsyO8Rt87TTHQ1KkSdlmryUGQwWh_QUibS3uu5-JbCdq2Y1PssUXeNhziBl9XnxxrvKHb87yjwk6b_PxwQBCjYgbJBixc1OLt2hq1J3_sIenq6UZrQdDq3ndd5R8ke0Jc9PECWL",1,null,null,null,null,1,1,1,0,"https://93.93.docs.google.com/comments/d/AAHRpnXsyO8Rt87TTHQ1KkSdlmryUGQwWh_QUibS3uu5-JbCdq2Y1PssUXe
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\blue_silhouette96-0[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 96 x 96, 4-bit colormap, non-interlaced
Size (bytes): 431
Entropy (8bit): 7.224094314845388
Encrypted: false
MD5: 4E1088D15A99D3B8778DAD2187D67D29
SHA1: E4925DFF976E1E6A0C18A9FE37F864E0895B1B52
SHA-256: 2218219F38411B92BADA34D14C7FD231B87DC42347257769737F98ACF9034C83
SHA-512: 2DE86064B7D3909E48F35FA763F1A138984BFAE1D2F58B22E4D233270BA603E17AA2CD7E8DC50FFA9A2684BD14959135AA40DEBBC846FE1ECFC6F86A70BDE9AB
Malicious: false
Reputation: low
IE Cache URL: https://ssl.gstatic.com/docs/common/blue_silhouette96-0.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\camelot[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 842 x 17, 8-bit/color RGBA, non-interlaced
Size (bytes): 3827
Entropy (8bit): 7.897599275600258
Encrypted: false
MD5: 5B8D3E2247DD46B3C38304417E37EEEB
SHA1: 336776F4039D1CE46A76C31C78CC514AADB78C69
SHA-256: 249F0F77045CAF964DC7728262B357F7EC91BBA35B6FB9E3BBCC053088A73640
SHA-512: 263A99C0567EFA684D205A0DB74CF8D714F5CEE84D954231A732AF93E2EB67B923D59AAE79DBDFD959F9D839A103FE3FBBA79A48FB86F075F93E1671D52E84D2
Malicious: false
Reputation: low
IE Cache URL: https://sites.google.com/site/id500382349/_/rsrc/1599117977000/system/app/images/camelot.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\hd-bg[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 30
Size (bytes): 46
Entropy (8bit): 3.4106608821459092
Encrypted: false
MD5: D8111CDA1B07450750B802863B34F9DC
SHA1: 262BEB5406EDFF4C5B5C870B04AC1DB93D1FC929
SHA-256: 7838BFC03AE0716262D2B405EBBEF5D7AC2EA60B4E04337AB996D0D4B2B062D2
SHA-512: D8D9C5B33DFB92B3233DF3964E81B744306A83BB031C9CC14DED2E2A1BF6BC80304A676DD7567BC46ED7F79859AF56ECE4B13B8C6E8F95FB8244877658A5354E
Malicious: false
Reputation: low
IE Cache URL: https://ssl.gstatic.com/sites/p/874be4/system/app/themes/microlite/hd-bg.gif
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\httpErrorPagesScripts[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes): 12105
Entropy (8bit): 5.451485481468043
Encrypted: false
MD5: 9234071287E637F85D721463C488704C
SHA1: CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
SHA-256: 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
SHA-512: 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
Malicious: false
Reputation: low
Preview:...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\jot_min__en[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 1083484
Entropy (8bit): 5.496235475233488
Encrypted: false
MD5: D7300833A65271ECDA78A8A29DD941F4
SHA1: 89646B2DC1EEED463E700269D98EECC24ABC9190
SHA-256: 3B1ABC2DEFDE3A97B7162B1C4498889DCAD44A968ABDB779B4F1F2C2A39EF129
SHA-512: 6D2C5F06E6DD1A566460D04B5986694A4D4FA562A8C51C993CAF7A6C512CBABDED01FD342BDC398E7C6363D7A7F92E99F4349EC0C26EBC8EC3268F405C4C2B4D
Malicious: false
Reputation: low
IE Cache URL: https://ssl.gstatic.com/sites/p/874be4/system/js/jot_min__en.js
Preview:/* Copyright 2008 Google. */ (function() { var aa=" and communicationType=",ba=" and hash=",ca=" apps-actiondatawidget-content-element",da=" checked",ea=' checked="checked"',fa=" goog-inline-block",ha=" picker-navpaneitem-not-clickable",ia=" selected",ja=' style="ime-mode:disabled"',la='" aria-label="',ma='" class="',oa='" data-tooltip-unhoverable="true"',qa='" dir="',ra='" is not registered',sa='" style="margin-left: 6px">',ta='" tabindex="0" role="button">',ua='" title="',va='" with value "',wa='"/></td><td><p><strong>',xa='"/><div class="',.ya='"/><p style="color: gray">',za='">',Aa='"> </span>',Ba='"></div>',Ca='"></div><div class="',Da='"></iframe>',Ea='"></span></a></p>',Fa='"></span><span class="',Ga='"><a target="keyboard_shortcuts_help_window" href="',Ha='"><div class="',Ia='"><span id="',Ja='"><table cellpadding="0" class="',Ka='"><tr><td class="',La="&&&START&&&",Ma="' not supported in V2",Na="' of type ",Oa="-10000px",Pa="-caption",Qa="-content",Ra="-default",Sa="-disa
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\js[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 1101495
Entropy (8bit): 5.575128622176692
Encrypted: false
MD5: 72E20FCB76D847B37224F3457ACABC2D
SHA1: 5BDA65386C571D628FAB927909409EB236712F59
SHA-256: 681DC5FF9AA678121A662F7D3010853D9D3CD8BA8906229AF431E8F6A8B0C20C
SHA-512: A48C3537BDD106D8BD59972D767D7829772585F7F0B115D03F258EC2D98C534CD7CA4CF18E707FBCBAC41BD69F1C326CF96D0545E0ED2A2E5F542102CD7F226A
Malicious: false
Reputation: low
IE Cache URL: https://docs.google.com/comments/d/AAHRpnXsyO8Rt87TTHQ1KkSdlmryUGQwWh_QUibS3uu5-JbCdqyGyf0ezGhg0XztCqEy3tTpHyNow3YnrI8DSDE-0kfL_bzJEG0zqeHluldYAkqZnjh5NLPwaxkPdrmesXaDlz7jCi5e5/api/js?anon=true&pref=2
Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ba=' class="',ca=' data-hovercard-id="',da=' data-name="',ea=' dir="ltr"><div class="',fa=" not supported",ha='" aria-hidden="true">•</div>',ia='" aria-hidden="true">•</div><div class="',ja='" aria-hidden="true"></div></div>',ka='" class="',la='" role="button" tabindex="0" title="',ma='" role="button" tabindex="0">',na='" style="display: none">',oa='" style="display: none"></div>',pa='" style="display: none"></div><div class="',sa='" style="display: none"><div class="',ta='" style="display:none"></span></div>',.ua='" style="width: ',va='"/><label for="',g='">',wa='"></div>',xa='"></div></div>',ya='"></div></div></div>',za='"></div></div></div><div class="',Aa='"></div></div><div class="',Ba='"></div><div class="',Ca='"><div class="',Da='"><span class="',Ea='"><table><tr><td class="',Fa="#d6MZcd",Ga="+1 this comment",Ha="+redo",Ia="+undo",Ja="-dcs-c",Ka="-dcs-ff-dcs-ke",La="-dcs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\platform[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 50447
Entropy (8bit): 5.546374912689089
Encrypted: false
MD5: 1229ECD9451BC380316E852E4A02BF0D
SHA1: 070B37FCB4839870EE53856F599EF83318E04C4E
SHA-256: 092F3201317B7EF608F6A899D395D36CFFCCA4D6824F00BC50120E84341C76F2
SHA-512: 4347FC0917CC65080129471A2C7ABD7045EFF115C96DF2D799EADEFE505C826D2302584F329B05728418E4D9B8C09659491EC90DB2DEF5A61E4AFB08D9F628D5
Malicious: false
Reputation: low
IE Cache URL: https://apis.google.com/js/platform.js
Preview:var gapi=window.gapi=window.gapi||{};gapi._bs=new Date().getTime();(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var aa="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a},ba=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");},ea=ba(this),fa=function(a,b){if(b)a:{var c=ea;a=a.split(".");for(var d=0;d<.a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&aa(c,a,{configurable:!0,writable:!0,value:b})}},ha=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};.fa("Symbol",function(a){if(a)return a;var b=function(e,f){this.ea=e;aa(this,"description",{c
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\tree_ltr[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 248 x 49
Size (bytes): 2473
Entropy (8bit): 7.393961922467035
Encrypted: false
MD5: FDEDBD3DF3491CE6E7B01EF235EEFDCD
SHA1: 9E6F5F95EBD486328A9E29EEC2EBC1ECBCD58539
SHA-256: F705C251089785679AE5D3587943C9E54AACC4DF64798226B12A04DD24C3ABEF
SHA-512: B4A0879B8CD0FED4D77129CAAB69B7E1BC16AF494069302BD45B3AD7FB335AAFB5AA9D6BEF2459123A5FC7E88A17C669E66B403D0A99B195B843930996362FD1
Malicious: false
Reputation: low
IE Cache URL: https://ssl.gstatic.com/sites/p/874be4/system/app/images/tree_ltr.gif
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\tz[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text
Size (bytes): 205
Entropy (8bit): 5.256454414535407
Encrypted: false
MD5: 759A6D8E314BADBEE016C4AAEDE8AD8A
SHA1: C896AB25F8D2A30DB2024B6A91B4B8CC2608730F
SHA-256: A4A57B289EF1E7D9FB6152435D66D09EF392420BF586B660BF12A956335069A6
SHA-512: 409995A548548DCD8D303E5C291EC1CB33A3696A4E60B9F7273342D1481F774C76207B218D39196C70B2C9EBDD4768F5DAFD726103EEAB94C89DF207399B4A38
Malicious: false
Reputation: low
IE Cache URL: https://sites.google.com/site/id500382349/_/tz?jot.xtok=undefined&afjstz=wg1E0r1g1A4r2g1E0r2g1A4r8
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml"><body>America/Los_Angeles</body></html>.
C:\Users\user\AppData\Local\Temp\~DF40C30D7E0224DBC5.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Size (bytes): 13077
Entropy (8bit): 0.5092737690342094
Encrypted: false
MD5: 4CAA681084CA68E0CA55CF79FA1728C5
SHA1: E6BC62C6E946B3BDE467CEB14EDADEA4CAA1A689
SHA-256: 0E3B32417CE83B13DD1B302D177812D1CED9D6379A0C74B6CAF865EDD926530E
SHA-512: 92E04E9B2C7F7483D92A3EC307853A83C804F7EB056AE3C5F95F90768D3E31D4A4CE02FE561081838AECA7EEED588F85921AFE514E9E18EF62A0BEBC60F5B932
Malicious: false
Reputation: low
Static File Info
No static file info
Network Port Distribution
C:\Users\user\AppData\Local\Temp\~DF47B0568FF82688E9.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Size (bytes): 29745
Entropy (8bit): 0.34180041404448935
Encrypted: false
MD5: D4C00C2478D9E5F284F2621B6BF8485B
SHA1: C51A3B6488CACE4E8F4D0B55226057A6D95D3688
SHA-256: 292640AD6F55E52CD00075304325AE12D2532C1F764BB4DFADB964CF02D61E65
SHA-512: 3501544E24E60E4FEFCA0BAE80E41DE62C0A2F71FDAB636E6FF2C634D7405C037E9F0F3DCED2F49D2964E5DCC421CE422214DBFC2F290C04B31240D6460C221E
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Temp\~DF599F0070536B1B07.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Size (bytes): 189239
Entropy (8bit): 1.3789969254130263
Encrypted: false
MD5: 58F9DB499DD3134770103FC34A31C33C
SHA1: DBDEE693F5A4CEB508A3172EC5B8862B78C8C9CB
SHA-256: 999014765B97A47879FA8F2EF241DD99DA1EDC660B8EC20CD4EF9C28E722ACDB
SHA-512: E10C07B1A4832CD851E3B0F02FDF03F3AF92E0B8D0E9078BE243E8547CC6A7D968226AF58C3FE627E4E154B5ED24A8407E3F3FE30A3516070F99C2A363E52C98
Malicious: false
Reputation: low
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\D3V5O1VVFGLN580XOIJE.temp
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Size (bytes): 3440
Entropy (8bit): 3.1824604906254796
Encrypted: false
MD5: 109CE24328515FA56AD163A1C803C30C
SHA1: B8A411DDD0AE6AAABC950908CC1D50080818A596
SHA-256: 69D965EB0037BC5824C56775F600415D5AE988D816E5FF174868D2771F48FB26
SHA-512: 5814574B007A4F4B2702A6E5E24D89ADB614B5FC54248D89A77FF8EBCCB66E4285BD2B9B9E898BD833F705856821F3A37DB17F988026082E519C4CB57B2790BE
Malicious: false
Reputation: low
Preview:...................................FL..................F.@.. .....@.>......d.....?.c................................P.O. .:i.....+00.../C:\.....................1......Qt?..PROGRA~1..t......L..Qt?....E...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....l.1......L.J..INTERN~1..T......L.0Q................................i.n.t.e.r.n.e.t. .e.x.p.l.o.r.e.r.....f.2......L.9 .iexplore.exe..J......L.J0Q.......R..........x.............i.e.x.p.l.o.r.e...e.x.e.......^...............-.......]..............{.....C:\Program Files\internet explorer\iexplore.exe....-.p.r.i.v.a.t.e...C.:.\.W.i.n.d.o.w.s.\.S.Y.S.T.E.M.3.2.\.I.E.F.R.A.M.E...d.l.l.........%SystemRoot%\SYSTEM32\IEFRAME.dll...................................................................................................................................................................................................................................%.S.y.s.t.e.m.R.o.o.t.%.\.S.Y.S.T.E.M.3.2.\.I
Network Behavior
Total Packets: 93
• 53 (DNS)
• 443 (HTTPS)
TCP Packets
Timestamp Source Port Dest Port Source IP Dest IP
UDP Packets
Timestamp Source Port Dest Port Source IP Dest IP
Timestamp Source IP Dest IP Trans ID OP Code Name Type Class
Sep 15, 2020 18:47:55.647849083 CEST 192.168.2.4 8.8.8.8 0x5799 Standard query (0) www-sites-opensocial.googleusercontent.com A (IP address) IN (0x0001)
Sep 15, 2020 18:47:56.128097057 CEST 192.168.2.4 8.8.8.8 0x7d35 Standard query (0) tal2tot4uenli8d3lphbjvrrl237cfes-a-sites-opensocial.googleusercontent.com A (IP address) IN (0x0001)
Sep 15, 2020 18:47:56.638776064 CEST 192.168.2.4 8.8.8.8 0xed0d Standard query (0) storageonnet.top A (IP address) IN (0x0001)
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Sep 15, 2020 18:47:55.687756062 CEST 8.8.8.8 192.168.2.4 0x5799 No error (0) www-sites-opensocial.googleusercontent.com googlehosted.l.googleusercontent.com CNAME (Canonical name) IN (0x0001)
Sep 15, 2020 18:47:55.687756062 CEST 8.8.8.8 192.168.2.4 0x5799 No error (0) googlehosted.l.googleusercontent.com 172.217.22.33 A (IP address) IN (0x0001)
Sep 15, 2020 18:47:56.168015957 CEST 8.8.8.8 192.168.2.4 0x7d35 No error (0) tal2tot4uenli8d3lphbjvrrl237cfes-a-sites-opensocial.googleusercontent.com googlehosted.l.googleusercontent.com CNAME (Canonical name) IN (0x0001)
Sep 15, 2020 18:47:56.168015957 CEST 8.8.8.8 192.168.2.4 0x7d35 No error (0) googlehosted.l.googleusercontent.com 172.217.22.33 A (IP address) IN (0x0001)
Sep 15, 2020 18:47:56.763195038 CEST 8.8.8.8 192.168.2.4 0xed0d No error (0) storageonnet.top 104.27.187.2 A (IP address) IN (0x0001)
Sep 15, 2020 18:47:56.763195038 CEST 8.8.8.8 192.168.2.4 0xed0d No error (0) storageonnet.top 172.67.223.112 A (IP address) IN (0x0001)
Sep 15, 2020 18:47:56.763195038 CEST 8.8.8.8 192.168.2.4 0xed0d No error (0) storageonnet.top 104.27.186.2 A (IP address) IN (0x0001)
Timestamp Source IP Source Port Dest IP Dest Port Subject Issuer NotBefore NotAfter JA3 SSL Client Fingerprint JA3 SSL Client Digest
Sep 15, 2020 18:47:55.733107090 CEST
172.217.22.33 443 192.168.2.4 49724 CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Sep 03 08:40:15 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Thu Nov 26 07:40:15 CET 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
DNS Queries
DNS Answers
HTTPS Packets
Code Manipulations
Sep 15, 2020 18:47:55.733845949 CEST
172.217.22.33 443 192.168.2.4 49723 CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Sep 03 08:40:15 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Thu Nov 26 07:40:15 CET 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Sep 15, 2020 18:47:56.224435091 CEST
172.217.22.33 443 192.168.2.4 49726 CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Sep 03 08:40:15 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Thu Nov 26 07:40:15 CET 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Sep 15, 2020 18:47:56.224600077 CEST
172.217.22.33 443 192.168.2.4 49725 CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Sep 03 08:40:15 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Thu Nov 26 07:40:15 CET 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Sep 15, 2020 18:47:56.826143026 CEST
104.27.187.2 443 192.168.2.4 49729 CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Thu Aug 06 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020
Fri Aug 06 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Mon Jan 27 13:48:08 CET 2020
Wed Jan 01 00:59:59 CET 2025
Sep 15, 2020 18:47:56.827517986 CEST
104.27.187.2 443 192.168.2.4 49730 CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Thu Aug 06 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020
Fri Aug 06 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Mon Jan 27 13:48:08 CET 2020
Wed Jan 01 00:59:59 CET 2025
Statistics
Behavior
• iexplore.exe
• iexplore.exe
System Behavior
File Activities
Registry Activities
Start time: 18:47:53
Start date: 15/09/2020
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff7e0be0000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
File Path Access Attributes Options Completion Count Source Address Symbol
File Path Offset Length Value Ascii Completion Count Source Address Symbol
File Path Offset Length Completion Count Source Address Symbol
Key Path Completion Count Source Address Symbol
Key Path Name Type Data Completion Count Source Address Symbol
Key Path Name Type Old Data New Data Completion Count Source Address Symbol
Analysis Process: iexplore.exe PID: 6888 Parent PID: 796
General
Disassembly
File Activities
Registry Activities
Start time: 18:47:54
Start date: 15/09/2020
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6888 CREDAT:17410 /prefetch:2
Imagebase: 0x1250000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
File Path Access Attributes Options Completion Count Source Address Symbol
File Path Offset Length Value Ascii Completion Count Source Address Symbol
File Path Offset Length Completion Count Source Address Symbol
Key Path Completion Count Source Address Symbol
Key Path Name Type Data Completion Count Source Address Symbol
Analysis Process: iexplore.exe PID: 6936 Parent PID: 6888
General